mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00
1251 lines
41 KiB
Diff
1251 lines
41 KiB
Diff
Index: b/security/apparmor/apparmor.h
|
|
===================================================================
|
|
--- a/security/apparmor/apparmor.h
|
|
+++ b/security/apparmor/apparmor.h
|
|
@@ -34,16 +34,16 @@ static inline int mediated_filesystem(st
|
|
#define PROFILE_COMPLAIN(_profile) \
|
|
(apparmor_complain == 1 || ((_profile) && (_profile)->flags.complain))
|
|
|
|
-#define SUBDOMAIN_COMPLAIN(_sd) \
|
|
+#define APPARMOR_COMPLAIN(_cxt) \
|
|
(apparmor_complain == 1 || \
|
|
- ((_sd) && (_sd)->active && (_sd)->active->flags.complain))
|
|
+ ((_cxt) && (_cxt)->active && (_cxt)->active->flags.complain))
|
|
|
|
#define PROFILE_AUDIT(_profile) \
|
|
(apparmor_audit == 1 || ((_profile) && (_profile)->flags.audit))
|
|
|
|
-#define SUBDOMAIN_AUDIT(_sd) \
|
|
+#define APPARMOR_AUDIT(_cxt) \
|
|
(apparmor_audit == 1 || \
|
|
- ((_sd) && (_sd)->active && (_sd)->active->flags.audit))
|
|
+ ((_cxt) && (_cxt)->active && (_cxt)->active->flags.audit))
|
|
|
|
/*
|
|
* DEBUG remains global (no per profile flag) since it is mostly used in sysctl
|
|
@@ -109,34 +109,31 @@ struct aa_profile {
|
|
};
|
|
|
|
/**
|
|
- * struct subdomain - primary label for confined tasks
|
|
+ * struct aa_task_context - primary label for confined tasks
|
|
* @active: the current active profile
|
|
* @hat_magic: the magic token controling the ability to leave a hat
|
|
- * @list: list this subdomain is on
|
|
- * @task: task that the subdomain confines
|
|
+ * @list: list this aa_task_context is on
|
|
+ * @task: task that the aa_task_context confines
|
|
* @caps_logged: caps that have previously generated log entries
|
|
*
|
|
* Contains the tasks current active profile (which could change due to
|
|
* change_hat). Plus the hat_magic needed during change_hat.
|
|
- *
|
|
- * N.B AppArmor's previous product name SubDomain was derived from the name
|
|
- * of this structure/concept (changehat reducing a task into a sub-domain).
|
|
*/
|
|
-struct subdomain {
|
|
+struct aa_task_context {
|
|
struct aa_profile *active; /* The current active profile */
|
|
u32 hat_magic; /* used with change_hat */
|
|
- struct list_head list; /* list of subdomains */
|
|
+ struct list_head list;
|
|
struct task_struct *task;
|
|
kernel_cap_t caps_logged;
|
|
};
|
|
|
|
-typedef int (*aa_iter) (struct subdomain *, void *);
|
|
+typedef int (*aa_iter) (struct aa_task_context *, void *);
|
|
|
|
-#define AA_SUBDOMAIN(sec) ((struct subdomain*)(sec))
|
|
+#define AA_TASK_CONTEXT(sec) ((struct aa_task_context*)(sec))
|
|
#define AA_PROFILE(sec) ((struct aa_profile*)(sec))
|
|
|
|
-/* Lock protecting access to 'struct subdomain' accesses */
|
|
-extern spinlock_t sd_lock;
|
|
+/* Lock protecting access to 'struct aa_task_context' accesses */
|
|
+extern spinlock_t cxt_lock;
|
|
|
|
extern struct aa_profile *null_complain_profile;
|
|
|
|
@@ -231,11 +228,11 @@ extern void aa_profilelist_release(void)
|
|
extern struct aa_profile *aa_profilelist_replace(struct aa_profile *profile);
|
|
extern void aa_profile_dump(struct aa_profile *);
|
|
extern void aa_profilelist_dump(void);
|
|
-extern void aa_subdomainlist_add(struct subdomain *);
|
|
-extern void aa_subdomainlist_remove(struct subdomain *);
|
|
-extern void aa_subdomainlist_iterate(aa_iter, void *);
|
|
-extern void aa_subdomainlist_iterateremove(aa_iter, void *);
|
|
-extern void aa_subdomainlist_release(void);
|
|
+extern void aa_task_context_list_add(struct aa_task_context *);
|
|
+extern void aa_task_context_list_remove(struct aa_task_context *);
|
|
+extern void aa_task_context_list_iterate(aa_iter, void *);
|
|
+extern void aa_task_context_list_iterateremove(aa_iter, void *);
|
|
+extern void aa_task_context_list_release(void);
|
|
|
|
/* module_interface.c */
|
|
extern ssize_t aa_file_prof_add(void *, size_t);
|
|
Index: b/security/apparmor/inline.h
|
|
===================================================================
|
|
--- a/security/apparmor/inline.h
|
|
+++ b/security/apparmor/inline.h
|
|
@@ -12,9 +12,9 @@
|
|
|
|
#include <linux/sched.h>
|
|
|
|
-static inline int __aa_is_confined(struct subdomain *sd)
|
|
+static inline int __aa_is_confined(struct aa_task_context *cxt)
|
|
{
|
|
- return (sd && sd->active);
|
|
+ return (cxt && cxt->active);
|
|
}
|
|
|
|
/**
|
|
@@ -24,13 +24,14 @@ static inline int __aa_is_confined(struc
|
|
*/
|
|
static inline int aa_is_confined(void)
|
|
{
|
|
- struct subdomain *sd = AA_SUBDOMAIN(current->security);
|
|
- return __aa_is_confined(sd);
|
|
+ struct aa_task_context *cxt = AA_TASK_CONTEXT(current->security);
|
|
+ return __aa_is_confined(cxt);
|
|
}
|
|
|
|
-static inline int __aa_sub_defined(struct subdomain *sd)
|
|
+static inline int __aa_sub_defined(struct aa_task_context *cxt)
|
|
{
|
|
- return __aa_is_confined(sd) && !list_empty(&BASE_PROFILE(sd->active)->sub);
|
|
+ return __aa_is_confined(cxt) &&
|
|
+ !list_empty(&BASE_PROFILE(cxt->active)->sub);
|
|
}
|
|
|
|
/**
|
|
@@ -39,8 +40,8 @@ static inline int __aa_sub_defined(struc
|
|
*/
|
|
static inline int aa_sub_defined(void)
|
|
{
|
|
- struct subdomain *sd = AA_SUBDOMAIN(current->security);
|
|
- return __aa_sub_defined(sd);
|
|
+ struct aa_task_context *cxt = AA_TASK_CONTEXT(current->security);
|
|
+ return __aa_sub_defined(cxt);
|
|
}
|
|
|
|
/**
|
|
@@ -73,11 +74,11 @@ static inline void put_aa_profile(struct
|
|
*/
|
|
static inline struct aa_profile *get_task_activeptr_rcu(struct task_struct *tsk)
|
|
{
|
|
- struct subdomain *sd = AA_SUBDOMAIN(tsk->security);
|
|
+ struct aa_task_context *cxt = AA_TASK_CONTEXT(tsk->security);
|
|
struct aa_profile *active = NULL;
|
|
|
|
- if (sd)
|
|
- active = (struct aa_profile *) rcu_dereference(sd->active);
|
|
+ if (cxt)
|
|
+ active = (struct aa_profile *) rcu_dereference(cxt->active);
|
|
|
|
return active;
|
|
}
|
|
@@ -115,77 +116,80 @@ static inline struct aa_profile *get_act
|
|
}
|
|
|
|
/**
|
|
- * aa_switch - change subdomain to use a new profile
|
|
- * @sd: subdomain to switch the active profile on
|
|
+ * aa_switch - change aa_task_context to use a new profile
|
|
+ * @cxt: aa_task_context to switch the active profile on
|
|
* @newactive: new active profile
|
|
*
|
|
- * aa_switch handles the changing of a subdomain's active profile. The
|
|
- * sd_lock must be held to ensure consistency against other writers.
|
|
- * Some write paths (ex. aa_register) require sd->active not to change
|
|
+ * aa_switch handles the changing of a aa_task_context's active profile. The
|
|
+ * cxt_lock must be held to ensure consistency against other writers.
|
|
+ * Some write paths (ex. aa_register) require cxt->active not to change
|
|
* over several operations, so the calling function is responsible
|
|
- * for grabing the sd_lock to meet its consistency constraints before
|
|
+ * for grabing the cxt_lock to meet its consistency constraints before
|
|
* calling aa_switch
|
|
*/
|
|
-static inline void aa_switch(struct subdomain *sd, struct aa_profile *newactive)
|
|
+static inline void aa_switch(struct aa_task_context *cxt,
|
|
+ struct aa_profile *newactive)
|
|
{
|
|
- struct aa_profile *oldactive = sd->active;
|
|
+ struct aa_profile *oldactive = cxt->active;
|
|
|
|
/* noop if NULL */
|
|
- rcu_assign_pointer(sd->active, get_aa_profile(newactive));
|
|
- sd->caps_logged = CAP_EMPTY_SET;
|
|
+ rcu_assign_pointer(cxt->active, get_aa_profile(newactive));
|
|
+ cxt->caps_logged = CAP_EMPTY_SET;
|
|
put_aa_profile(oldactive);
|
|
}
|
|
|
|
/**
|
|
- * aa_switch_unconfined - change subdomain to be unconfined (no profile)
|
|
- * @sd: subdomain to switch
|
|
+ * aa_switch_unconfined - change aa_task_context to be unconfined (no profile)
|
|
+ * @cxt: aa_task_context to switch
|
|
*
|
|
- * aa_switch_unconfined handles the removal of a subdomain's active profile.
|
|
- * The sd_lock must be held to ensure consistency against other writers.
|
|
- * Like aa_switch the sd_lock is used to maintain consistency.
|
|
+ * aa_switch_unconfined handles the removal of a aa_task_context's active
|
|
+ * profile. The cxt_lock must be held to ensure consistency against other
|
|
+ * writers. Like aa_switch the cxt_lock is used to maintain consistency.
|
|
*/
|
|
-static inline void aa_switch_unconfined(struct subdomain *sd)
|
|
+static inline void aa_switch_unconfined(struct aa_task_context *cxt)
|
|
{
|
|
- aa_switch(sd, NULL);
|
|
+ aa_switch(cxt, NULL);
|
|
|
|
/* reset magic in case we were in a subhat before */
|
|
- sd->hat_magic = 0;
|
|
+ cxt->hat_magic = 0;
|
|
}
|
|
|
|
/**
|
|
- * alloc_subdomain - allocate a new subdomain
|
|
+ * alloc_aa_task_context - allocate a new aa_task_context
|
|
* @tsk: task struct
|
|
*
|
|
- * Allocate a new subdomain including a backpointer to it's referring task.
|
|
+ * Allocate a new aa_task_context including a backpointer to it's referring
|
|
+ * task.
|
|
*/
|
|
-static inline struct subdomain *alloc_subdomain(struct task_struct *tsk)
|
|
+static inline struct aa_task_context *alloc_aa_task_context(struct task_struct *tsk)
|
|
{
|
|
- struct subdomain *sd;
|
|
+ struct aa_task_context *cxt;
|
|
|
|
- sd = kzalloc(sizeof(struct subdomain), GFP_KERNEL);
|
|
- if (!sd)
|
|
+ cxt = kzalloc(sizeof(struct aa_task_context), GFP_KERNEL);
|
|
+ if (!cxt)
|
|
goto out;
|
|
|
|
/* back pointer to task */
|
|
- sd->task = tsk;
|
|
+ cxt->task = tsk;
|
|
|
|
/* any readers of the list must make sure that they can handle
|
|
- * case where sd->active is not yet set (null)
|
|
+ * case where cxt->active is not yet set (null)
|
|
*/
|
|
- aa_subdomainlist_add(sd);
|
|
+ aa_task_context_list_add(cxt);
|
|
|
|
out:
|
|
- return sd;
|
|
+ return cxt;
|
|
}
|
|
|
|
/**
|
|
- * free_subdomain - Free a subdomain previously allocated by alloc_subdomain
|
|
- * @sd: subdomain
|
|
+ * free_aa_task_context - Free a aa_task_context previously allocated by
|
|
+ * alloc_aa_task_context
|
|
+ * @cxt: aa_task_context
|
|
*/
|
|
-static inline void free_subdomain(struct subdomain *sd)
|
|
+static inline void free_aa_task_context(struct aa_task_context *cxt)
|
|
{
|
|
- aa_subdomainlist_remove(sd);
|
|
- kfree(sd);
|
|
+ aa_task_context_list_remove(cxt);
|
|
+ kfree(cxt);
|
|
}
|
|
|
|
/**
|
|
Index: b/security/apparmor/list.c
|
|
===================================================================
|
|
--- a/security/apparmor/list.c
|
|
+++ b/security/apparmor/list.c
|
|
@@ -17,9 +17,9 @@
|
|
static LIST_HEAD(profile_list);
|
|
static rwlock_t profile_lock = RW_LOCK_UNLOCKED;
|
|
|
|
-/* list of all subdomains and lock */
|
|
-static LIST_HEAD(subdomain_list);
|
|
-static rwlock_t subdomain_lock = RW_LOCK_UNLOCKED;
|
|
+/* list of all task_contexts and lock */
|
|
+static LIST_HEAD(task_context_list);
|
|
+static rwlock_t task_context_list_lock = RW_LOCK_UNLOCKED;
|
|
|
|
/**
|
|
* aa_profilelist_find
|
|
@@ -151,77 +151,78 @@ void aa_profilelist_release(void)
|
|
}
|
|
|
|
/**
|
|
- * aa_subdomainlist_add - Add subdomain to subdomain_list
|
|
- * @sd: new subdomain
|
|
+ * aa_task_context_list_add - Add aa_task_context to task_context_list
|
|
+ * @cxt: new aa_task_context
|
|
*/
|
|
-void aa_subdomainlist_add(struct subdomain *sd)
|
|
+void aa_task_context_list_add(struct aa_task_context *cxt)
|
|
{
|
|
unsigned long flags;
|
|
|
|
- if (!sd) {
|
|
- AA_INFO("%s: bad subdomain\n", __FUNCTION__);
|
|
+ if (!cxt) {
|
|
+ AA_INFO("%s: bad aa_task_context\n", __FUNCTION__);
|
|
return;
|
|
}
|
|
|
|
- write_lock_irqsave(&subdomain_lock, flags);
|
|
- /* new subdomains must be added to the end of the list due to a
|
|
+ write_lock_irqsave(&task_context_list_lock, flags);
|
|
+ /* new aa_task_contexts must be added to the end of the list due to a
|
|
* subtle interaction between fork and profile replacement.
|
|
*/
|
|
- list_add_tail(&sd->list, &subdomain_list);
|
|
- write_unlock_irqrestore(&subdomain_lock, flags);
|
|
+ list_add_tail(&cxt->list, &task_context_list);
|
|
+ write_unlock_irqrestore(&task_context_list_lock, flags);
|
|
}
|
|
|
|
/**
|
|
- * aa_subdomainlist_remove - Remove subdomain from subdomain_list
|
|
- * @sd: subdomain to be removed
|
|
+ * aa_task_context_list_remove - Remove aa_task_context from task_context_list
|
|
+ * @cxt: aa_task_context to be removed
|
|
*/
|
|
-void aa_subdomainlist_remove(struct subdomain *sd)
|
|
+void aa_task_context_list_remove(struct aa_task_context *cxt)
|
|
{
|
|
unsigned long flags;
|
|
|
|
- if (sd) {
|
|
- write_lock_irqsave(&subdomain_lock, flags);
|
|
- list_del_init(&sd->list);
|
|
- write_unlock_irqrestore(&subdomain_lock, flags);
|
|
+ if (cxt) {
|
|
+ write_lock_irqsave(&task_context_list_lock, flags);
|
|
+ list_del_init(&cxt->list);
|
|
+ write_unlock_irqrestore(&task_context_list_lock, flags);
|
|
}
|
|
}
|
|
|
|
/**
|
|
- * aa_subdomainlist_iterate - iterate over the subdomain list applying @func
|
|
+ * aa_task_context_list_iterate - apply @func over the task_context_list
|
|
* @func: method to be called for each element
|
|
* @cookie: user passed data
|
|
*
|
|
- * Iterate over subdomain list applying @func, stop when @func returns
|
|
+ * Iterate over aa_task_context list applying @func, stop when @func returns
|
|
* non zero
|
|
*/
|
|
-void aa_subdomainlist_iterate(aa_iter func, void *cookie)
|
|
+void aa_task_context_list_iterate(aa_iter func, void *cookie)
|
|
{
|
|
- struct subdomain *node;
|
|
+ struct aa_task_context *node;
|
|
int ret = 0;
|
|
unsigned long flags;
|
|
|
|
- read_lock_irqsave(&subdomain_lock, flags);
|
|
- list_for_each_entry(node, &subdomain_list, list) {
|
|
+ read_lock_irqsave(&task_context_list_lock, flags);
|
|
+ list_for_each_entry(node, &task_context_list, list) {
|
|
ret = (*func) (node, cookie);
|
|
if (ret != 0)
|
|
break;
|
|
}
|
|
- read_unlock_irqrestore(&subdomain_lock, flags);
|
|
+ read_unlock_irqrestore(&task_context_list_lock, flags);
|
|
}
|
|
|
|
/**
|
|
- * aa_subdomainlist_release - Remove all subdomains from subdomain_list
|
|
+ * aa_task_context_list_release - Remove all aa_task_contexts from
|
|
+ * task_context_list
|
|
*/
|
|
-void aa_subdomainlist_release(void)
|
|
+void aa_task_context_list_release(void)
|
|
{
|
|
- struct subdomain *node, *tmp;
|
|
+ struct aa_task_context *node, *tmp;
|
|
unsigned long flags;
|
|
|
|
- write_lock_irqsave(&subdomain_lock, flags);
|
|
- list_for_each_entry_safe(node, tmp, &subdomain_list, list) {
|
|
+ write_lock_irqsave(&task_context_list_lock, flags);
|
|
+ list_for_each_entry_safe(node, tmp, &task_context_list, list) {
|
|
list_del_init(&node->list);
|
|
}
|
|
- write_unlock_irqrestore(&subdomain_lock, flags);
|
|
+ write_unlock_irqrestore(&task_context_list_lock, flags);
|
|
}
|
|
|
|
/* seq_file helper routines
|
|
Index: b/security/apparmor/lsm.c
|
|
===================================================================
|
|
--- a/security/apparmor/lsm.c
|
|
+++ b/security/apparmor/lsm.c
|
|
@@ -21,8 +21,8 @@
|
|
#include "apparmor.h"
|
|
#include "inline.h"
|
|
|
|
-/* struct subdomain write update lock (read side is RCU). */
|
|
-spinlock_t sd_lock = SPIN_LOCK_UNLOCKED;
|
|
+/* struct aa_task_context write update lock (read side is RCU). */
|
|
+spinlock_t cxt_lock = SPIN_LOCK_UNLOCKED;
|
|
|
|
/* Flag values, also controllable via apparmorfs/control.
|
|
* We explicitly do not allow these to be modifiable when exported via
|
|
@@ -249,7 +249,8 @@ static int apparmor_inode_mkdir(struct i
|
|
active = get_active_aa_profile();
|
|
|
|
if (active)
|
|
- error = aa_perm_dir(active, dentry, mnt, "mkdir", AA_MAY_WRITE);
|
|
+ error = aa_perm_dir(active, dentry, mnt, "mkdir",
|
|
+ AA_MAY_WRITE);
|
|
|
|
put_aa_profile(active);
|
|
|
|
@@ -269,7 +270,8 @@ static int apparmor_inode_rmdir(struct i
|
|
active = get_active_aa_profile();
|
|
|
|
if (active)
|
|
- error = aa_perm_dir(active, dentry, mnt, "rmdir", AA_MAY_WRITE);
|
|
+ error = aa_perm_dir(active, dentry, mnt, "rmdir",
|
|
+ AA_MAY_WRITE);
|
|
|
|
put_aa_profile(active);
|
|
|
|
@@ -739,19 +741,20 @@ createfs_out:
|
|
|
|
}
|
|
|
|
-static int apparmor_exit_removeall_iter(struct subdomain *sd, void *cookie)
|
|
+static int apparmor_exit_removeall_iter(struct aa_task_context *cxt,
|
|
+ void *cookie)
|
|
{
|
|
- /* spin_lock(&sd_lock) held here */
|
|
+ /* spin_lock(&cxt_lock) held here */
|
|
|
|
- if (__aa_is_confined(sd)) {
|
|
+ if (__aa_is_confined(cxt)) {
|
|
AA_DEBUG("%s: Dropping profiles %s(%d) "
|
|
"profile %s(%p) active %s(%p)\n",
|
|
__FUNCTION__,
|
|
- sd->task->comm, sd->task->pid,
|
|
- BASE_PROFILE(sd->active)->name,
|
|
- BASE_PROFILE(sd->active),
|
|
- sd->active->name, sd->active);
|
|
- aa_switch_unconfined(sd);
|
|
+ cxt->task->comm, cxt->task->pid,
|
|
+ BASE_PROFILE(cxt->active)->name,
|
|
+ BASE_PROFILE(cxt->active),
|
|
+ cxt->active->name, cxt->active);
|
|
+ aa_switch_unconfined(cxt);
|
|
}
|
|
|
|
return 0;
|
|
@@ -773,12 +776,12 @@ static void __exit apparmor_exit(void)
|
|
* reattached
|
|
*/
|
|
|
|
- spin_lock_irqsave(&sd_lock, flags);
|
|
- aa_subdomainlist_iterate(apparmor_exit_removeall_iter, NULL);
|
|
- spin_unlock_irqrestore(&sd_lock, flags);
|
|
+ spin_lock_irqsave(&cxt_lock, flags);
|
|
+ aa_task_context_list_iterate(apparmor_exit_removeall_iter, NULL);
|
|
+ spin_unlock_irqrestore(&cxt_lock, flags);
|
|
|
|
- /* Free up list of active subdomain */
|
|
- aa_subdomainlist_release();
|
|
+ /* Free up list of active aa_task_context */
|
|
+ aa_task_context_list_release();
|
|
|
|
free_null_complain_profile();
|
|
|
|
Index: b/security/apparmor/main.c
|
|
===================================================================
|
|
--- a/security/apparmor/main.c
|
|
+++ b/security/apparmor/main.c
|
|
@@ -646,15 +646,15 @@ int aa_capability(struct aa_profile *act
|
|
{
|
|
int error = cap_raised(active->capabilities, cap) ? 0 : -EPERM;
|
|
struct aa_audit sa;
|
|
- struct subdomain *sd = AA_SUBDOMAIN(current->security);
|
|
+ struct aa_task_context *cxt = AA_TASK_CONTEXT(current->security);
|
|
|
|
/* test if cap has alread been logged */
|
|
- if (cap_raised(sd->caps_logged, cap)) {
|
|
+ if (cap_raised(cxt->caps_logged, cap)) {
|
|
if (PROFILE_COMPLAIN(active))
|
|
error = 0;
|
|
return error;
|
|
} else
|
|
- cap_raise(sd->caps_logged, cap);
|
|
+ cap_raise(cxt->caps_logged, cap);
|
|
|
|
sa.type = AA_AUDITTYPE_CAP;
|
|
sa.name = NULL;
|
|
@@ -717,50 +717,50 @@ int aa_link(struct aa_profile *active,
|
|
*******************************/
|
|
|
|
/**
|
|
- * aa_fork - create a new subdomain
|
|
+ * aa_fork - create a new aa_task_context
|
|
* @p: new process
|
|
*
|
|
- * Create a new subdomain for newly created process @p if it's parent
|
|
- * is already confined. Otherwise a subdomain will be lazily allocated
|
|
+ * Create a new aa_task_context for newly created process @p if it's parent
|
|
+ * is already confined. Otherwise a aa_task_context will be lazily allocated
|
|
* will get one with NULL values. Return 0 on sucess.
|
|
* for the child if it subsequently execs (in aa_register).
|
|
* Return 0 on sucess.
|
|
*
|
|
- * The sd_lock is used to maintain consistency against profile
|
|
+ * The cxt_lock is used to maintain consistency against profile
|
|
* replacement/removal.
|
|
*/
|
|
|
|
int aa_fork(struct task_struct *p)
|
|
{
|
|
- struct subdomain *sd = AA_SUBDOMAIN(current->security);
|
|
- struct subdomain *newsd = NULL;
|
|
+ struct aa_task_context *cxt = AA_TASK_CONTEXT(current->security);
|
|
+ struct aa_task_context *newcxt = NULL;
|
|
|
|
AA_DEBUG("%s\n", __FUNCTION__);
|
|
|
|
- if (__aa_is_confined(sd)) {
|
|
+ if (__aa_is_confined(cxt)) {
|
|
unsigned long flags;
|
|
|
|
- newsd = alloc_subdomain(p);
|
|
+ newcxt = alloc_aa_task_context(p);
|
|
|
|
- if (!newsd)
|
|
+ if (!newcxt)
|
|
return -ENOMEM;
|
|
|
|
/* Use locking here instead of getting the reference
|
|
* because we need both the old reference and the
|
|
* new reference to be consistent.
|
|
*/
|
|
- spin_lock_irqsave(&sd_lock, flags);
|
|
- aa_switch(newsd, sd->active);
|
|
- newsd->hat_magic = sd->hat_magic;
|
|
- spin_unlock_irqrestore(&sd_lock, flags);
|
|
-
|
|
- if (SUBDOMAIN_COMPLAIN(sd) &&
|
|
- sd->active == null_complain_profile)
|
|
- LOG_HINT(sd->active, GFP_KERNEL, HINT_FORK,
|
|
+ spin_lock_irqsave(&cxt_lock, flags);
|
|
+ aa_switch(newcxt, cxt->active);
|
|
+ newcxt->hat_magic = cxt->hat_magic;
|
|
+ spin_unlock_irqrestore(&cxt_lock, flags);
|
|
+
|
|
+ if (APPARMOR_COMPLAIN(cxt) &&
|
|
+ cxt->active == null_complain_profile)
|
|
+ LOG_HINT(cxt->active, GFP_KERNEL, HINT_FORK,
|
|
"pid=%d child=%d\n",
|
|
current->pid, p->pid);
|
|
}
|
|
- p->security = newsd;
|
|
+ p->security = newcxt;
|
|
return 0;
|
|
}
|
|
|
|
@@ -769,7 +769,7 @@ int aa_fork(struct task_struct *p)
|
|
* @bprm: binprm of program being registered
|
|
*
|
|
* Try to register a new program during execve(). This should give the
|
|
- * new program a valid subdomain.
|
|
+ * new program a valid aa_task_context.
|
|
*/
|
|
int aa_register(struct linux_binprm *bprm)
|
|
{
|
|
@@ -933,26 +933,26 @@ find_profile:
|
|
apply_profile:
|
|
/* Apply profile if necessary */
|
|
if (newprofile) {
|
|
- struct subdomain *sd, *lazy_sd = NULL;
|
|
+ struct aa_task_context *cxt, *lazy_cxt = NULL;
|
|
unsigned long flags;
|
|
|
|
if (newprofile == &unconstrained_flag)
|
|
newprofile = NULL;
|
|
|
|
/* grab a lock - this is to guarentee consistency against
|
|
- * other writers of subdomain (replacement/removal)
|
|
+ * other writers of aa_task_context (replacement/removal)
|
|
*
|
|
* Several things may have changed since the code above
|
|
*
|
|
- * - Task may be presently unconfined (have no sd). In which
|
|
+ * - Task may be presently unconfined (have no cxt). In which
|
|
* case we have to lazily allocate one. Note we may be raced
|
|
* to this allocation by a setprofile.
|
|
*
|
|
* - If we are a confined process, active is a refcounted copy
|
|
- * of the profile that was on the subdomain at entry.
|
|
+ * of the profile that was on the aa_task_context at entry.
|
|
* This allows us to not have to hold a lock around
|
|
* all this code. If profile replacement has taken place
|
|
- * our active may not equal sd->active any more.
|
|
+ * our active may not equal cxt->active any more.
|
|
* This is okay since the operation is treated as if
|
|
* the transition occured before replacement.
|
|
*
|
|
@@ -962,29 +962,29 @@ apply_profile:
|
|
* having to hold a lock around all this code.
|
|
*/
|
|
|
|
- if (!active && !(sd = AA_SUBDOMAIN(current->security))) {
|
|
- lazy_sd = alloc_subdomain(current);
|
|
- if (!lazy_sd) {
|
|
- AA_ERROR("%s: Failed to allocate subdomain\n",
|
|
+ if (!active && !(cxt = AA_TASK_CONTEXT(current->security))) {
|
|
+ lazy_cxt = alloc_aa_task_context(current);
|
|
+ if (!lazy_cxt) {
|
|
+ AA_ERROR("%s: Failed to allocate aa_task_context\n",
|
|
__FUNCTION__);
|
|
error = -ENOMEM;
|
|
goto cleanup;
|
|
}
|
|
}
|
|
|
|
- spin_lock_irqsave(&sd_lock, flags);
|
|
+ spin_lock_irqsave(&cxt_lock, flags);
|
|
|
|
- sd = AA_SUBDOMAIN(current->security);
|
|
- if (lazy_sd) {
|
|
- if (sd) {
|
|
- /* raced by setprofile - created sd */
|
|
- free_subdomain(lazy_sd);
|
|
- lazy_sd = NULL;
|
|
+ cxt = AA_TASK_CONTEXT(current->security);
|
|
+ if (lazy_cxt) {
|
|
+ if (cxt) {
|
|
+ /* raced by setprofile - created cxt */
|
|
+ free_aa_task_context(lazy_cxt);
|
|
+ lazy_cxt = NULL;
|
|
} else {
|
|
/* Not rcu used to get the write barrier
|
|
* correct */
|
|
- rcu_assign_pointer(current->security, lazy_sd);
|
|
- sd = lazy_sd;
|
|
+ rcu_assign_pointer(current->security, lazy_cxt);
|
|
+ cxt = lazy_cxt;
|
|
}
|
|
}
|
|
|
|
@@ -1004,7 +1004,7 @@ apply_profile:
|
|
/* Race, profile was removed, not replaced.
|
|
* Redo with error checking
|
|
*/
|
|
- spin_unlock_irqrestore(&sd_lock, flags);
|
|
+ spin_unlock_irqrestore(&cxt_lock, flags);
|
|
goto find_profile;
|
|
}
|
|
}
|
|
@@ -1018,7 +1018,7 @@ apply_profile:
|
|
* Cases 2 and 3 are marked as requiring secure exec
|
|
* (unless policy specified "unsafe exec")
|
|
*/
|
|
- if (__aa_is_confined(sd) && !unsafe_exec) {
|
|
+ if (__aa_is_confined(cxt) && !unsafe_exec) {
|
|
unsigned long bprm_flags;
|
|
|
|
bprm_flags = AA_SECURE_EXEC_NEEDED;
|
|
@@ -1026,7 +1026,7 @@ apply_profile:
|
|
((unsigned long)bprm->security | bprm_flags);
|
|
}
|
|
|
|
- aa_switch(sd, newprofile);
|
|
+ aa_switch(cxt, newprofile);
|
|
put_aa_profile(newprofile);
|
|
|
|
if (complain && newprofile == null_complain_profile)
|
|
@@ -1034,7 +1034,7 @@ apply_profile:
|
|
"pid=%d\n",
|
|
current->pid);
|
|
|
|
- spin_unlock_irqrestore(&sd_lock, flags);
|
|
+ spin_unlock_irqrestore(&cxt_lock, flags);
|
|
}
|
|
|
|
cleanup:
|
|
@@ -1047,28 +1047,28 @@ out:
|
|
}
|
|
|
|
/**
|
|
- * aa_release - release the task's subdomain
|
|
+ * aa_release - release the task's aa_task_context
|
|
* @p: task being released
|
|
*
|
|
* This is called after a task has exited and the parent has reaped it.
|
|
* @p->security blob is freed.
|
|
*
|
|
- * This is the one case where we don't need to hold the sd_lock before
|
|
- * removing a profile from a subdomain. Once the subdomain has been
|
|
- * removed from the subdomain_list, we are no longer racing other writers.
|
|
- * There may still be other readers so we must still use aa_switch
|
|
- * to put the subdomain's reference safely.
|
|
+ * This is the one case where we don't need to hold the cxt_lock before
|
|
+ * removing a profile from a aa_task_context. Once the aa_task_context has
|
|
+ * been removed from the aa_task_context_list, we are no longer racing other
|
|
+ * writers. There may still be other readers so we must still use aa_switch
|
|
+ * to put the aa_task_context's reference safely.
|
|
*/
|
|
void aa_release(struct task_struct *p)
|
|
{
|
|
- struct subdomain *sd = AA_SUBDOMAIN(p->security);
|
|
- if (sd) {
|
|
+ struct aa_task_context *cxt = AA_TASK_CONTEXT(p->security);
|
|
+ if (cxt) {
|
|
p->security = NULL;
|
|
|
|
- aa_subdomainlist_remove(sd);
|
|
- aa_switch_unconfined(sd);
|
|
+ aa_task_context_list_remove(cxt);
|
|
+ aa_switch_unconfined(cxt);
|
|
|
|
- kfree(sd);
|
|
+ kfree(cxt);
|
|
}
|
|
}
|
|
|
|
@@ -1079,20 +1079,20 @@ void aa_release(struct task_struct *p)
|
|
/**
|
|
* do_change_hat - actually switch hats
|
|
* @hat_name: name of hat to swtich to
|
|
- * @sd: current subdomain
|
|
+ * @cxt: current aa_task_context
|
|
*
|
|
* Switch to a new hat. Return %0 on success, error otherwise.
|
|
*/
|
|
-static inline int do_change_hat(const char *hat_name, struct subdomain *sd)
|
|
+static inline int do_change_hat(const char *hat_name, struct aa_task_context *cxt)
|
|
{
|
|
struct aa_profile *sub;
|
|
int error = 0;
|
|
|
|
- sub = __aa_find_profile(hat_name, &BASE_PROFILE(sd->active)->sub);
|
|
+ sub = __aa_find_profile(hat_name, &BASE_PROFILE(cxt->active)->sub);
|
|
|
|
if (sub) {
|
|
/* change hat */
|
|
- aa_switch(sd, sub);
|
|
+ aa_switch(cxt, sub);
|
|
put_aa_profile(sub);
|
|
} else {
|
|
/* There is no such subprofile change to a NULL profile.
|
|
@@ -1103,14 +1103,14 @@ static inline int do_change_hat(const ch
|
|
* N.B from the null-profile the task can still changehat back
|
|
* out to the parent profile (assuming magic != NULL)
|
|
*/
|
|
- if (SUBDOMAIN_COMPLAIN(sd)) {
|
|
- LOG_HINT(sd->active, GFP_ATOMIC, HINT_UNKNOWN_HAT,
|
|
+ if (APPARMOR_COMPLAIN(cxt)) {
|
|
+ LOG_HINT(cxt->active, GFP_ATOMIC, HINT_UNKNOWN_HAT,
|
|
"%s pid=%d "
|
|
"profile=%s active=%s\n",
|
|
hat_name,
|
|
current->pid,
|
|
- BASE_PROFILE(sd->active)->name,
|
|
- sd->active->name);
|
|
+ BASE_PROFILE(cxt->active)->name,
|
|
+ cxt->active->name);
|
|
} else {
|
|
AA_DEBUG("%s: Unknown hatname '%s'. "
|
|
"Changing to NULL profile "
|
|
@@ -1118,11 +1118,11 @@ static inline int do_change_hat(const ch
|
|
__FUNCTION__,
|
|
hat_name,
|
|
current->comm, current->pid,
|
|
- BASE_PROFILE(sd->active)->name,
|
|
- sd->active->name);
|
|
+ BASE_PROFILE(cxt->active)->name,
|
|
+ cxt->active->name);
|
|
error = -EACCES;
|
|
}
|
|
- aa_switch(sd, sd->active->null_profile);
|
|
+ aa_switch(cxt, cxt->active->null_profile);
|
|
}
|
|
|
|
return error;
|
|
@@ -1134,14 +1134,14 @@ static inline int do_change_hat(const ch
|
|
* @hat_magic: token to validate hat change
|
|
*
|
|
* Change to new @hat_name when current hat is top level profile, and store
|
|
- * the @hat_magic in the current subdomain. If the new @hat_name is
|
|
- * %NULL, and the @hat_magic matches that stored in the current subdomain
|
|
+ * the @hat_magic in the current aa_task_context. If the new @hat_name is
|
|
+ * %NULL, and the @hat_magic matches that stored in the current aa_task_context
|
|
* return to original top level profile. Returns %0 on success, error
|
|
* otherwise.
|
|
*/
|
|
int aa_change_hat(const char *hat_name, u32 hat_magic)
|
|
{
|
|
- struct subdomain *sd = AA_SUBDOMAIN(current->security);
|
|
+ struct aa_task_context *cxt = AA_TASK_CONTEXT(current->security);
|
|
int error = 0;
|
|
|
|
AA_DEBUG("%s: %p, 0x%x (pid %d)\n",
|
|
@@ -1150,21 +1150,21 @@ int aa_change_hat(const char *hat_name,
|
|
current->pid);
|
|
|
|
/* Dump out above debugging in WARN mode if we are in AUDIT mode */
|
|
- if (SUBDOMAIN_AUDIT(sd)) {
|
|
+ if (APPARMOR_AUDIT(cxt)) {
|
|
AA_WARN("%s: %s, 0x%x (pid %d)\n",
|
|
__FUNCTION__, hat_name ? hat_name : "NULL",
|
|
hat_magic, current->pid);
|
|
}
|
|
|
|
/* check to see if an unconfined process is doing a changehat. */
|
|
- if (!__aa_is_confined(sd)) {
|
|
+ if (!__aa_is_confined(cxt)) {
|
|
error = -EPERM;
|
|
goto out;
|
|
}
|
|
|
|
/* check to see if the confined process has any hats. */
|
|
- if (list_empty(&BASE_PROFILE(sd->active)->sub) &&
|
|
- !PROFILE_COMPLAIN(sd->active)) {
|
|
+ if (list_empty(&BASE_PROFILE(cxt->active)->sub) &&
|
|
+ !PROFILE_COMPLAIN(cxt->active)) {
|
|
error = -ECHILD;
|
|
goto out;
|
|
}
|
|
@@ -1172,7 +1172,7 @@ int aa_change_hat(const char *hat_name,
|
|
/* Check whether current domain is parent
|
|
* or one of the sibling children
|
|
*/
|
|
- if (!IN_SUBPROFILE(sd->active)) {
|
|
+ if (!IN_SUBPROFILE(cxt->active)) {
|
|
/*
|
|
* parent
|
|
*/
|
|
@@ -1189,8 +1189,8 @@ int aa_change_hat(const char *hat_name,
|
|
* (or null-profile, if the hat doesn't exist) until
|
|
* the task terminates
|
|
*/
|
|
- sd->hat_magic = hat_magic;
|
|
- error = do_change_hat(hat_name, sd);
|
|
+ cxt->hat_magic = hat_magic;
|
|
+ error = do_change_hat(hat_name, cxt);
|
|
} else {
|
|
/* Got here via changehat(NULL, magic)
|
|
*
|
|
@@ -1205,41 +1205,41 @@ int aa_change_hat(const char *hat_name,
|
|
* Handle special casing of NULL magic which confines task
|
|
* to subprofile and prohibits further changehats
|
|
*/
|
|
- if (hat_magic == sd->hat_magic && sd->hat_magic) {
|
|
+ if (hat_magic == cxt->hat_magic && cxt->hat_magic) {
|
|
if (!hat_name) {
|
|
/*
|
|
* Got here via changehat(NULL, magic)
|
|
* Return from subprofile, back to parent
|
|
*/
|
|
- aa_switch(sd, sd->active->parent);
|
|
+ aa_switch(cxt, cxt->active->parent);
|
|
|
|
/* Reset hat_magic to zero.
|
|
* New value will be passed on next changehat
|
|
*/
|
|
- sd->hat_magic = 0;
|
|
+ cxt->hat_magic = 0;
|
|
} else {
|
|
/* change to another (sibling) profile */
|
|
- error = do_change_hat(hat_name, sd);
|
|
+ error = do_change_hat(hat_name, cxt);
|
|
}
|
|
- } else if (sd->hat_magic) {
|
|
+ } else if (cxt->hat_magic) {
|
|
AA_ERROR("KILLING process %s(%d) "
|
|
"Invalid change_hat() magic# 0x%x "
|
|
"(hatname %s profile %s active %s)\n",
|
|
current->comm, current->pid,
|
|
hat_magic,
|
|
hat_name ? hat_name : "NULL",
|
|
- BASE_PROFILE(sd->active)->name,
|
|
- sd->active->name);
|
|
+ BASE_PROFILE(cxt->active)->name,
|
|
+ cxt->active->name);
|
|
|
|
/* terminate current process */
|
|
(void)send_sig_info(SIGKILL, NULL, current);
|
|
- } else { /* sd->hat_magic == NULL */
|
|
+ } else { /* cxt->hat_magic == NULL */
|
|
AA_ERROR("KILLING process %s(%d) "
|
|
"Task was confined to current subprofile "
|
|
"(profile %s active %s)\n",
|
|
current->comm, current->pid,
|
|
- BASE_PROFILE(sd->active)->name,
|
|
- sd->active->name);
|
|
+ BASE_PROFILE(cxt->active)->name,
|
|
+ cxt->active->name);
|
|
|
|
/* terminate current process */
|
|
(void)send_sig_info(SIGKILL, NULL, current);
|
|
Index: b/security/apparmor/module_interface.c
|
|
===================================================================
|
|
--- a/security/apparmor/module_interface.c
|
|
+++ b/security/apparmor/module_interface.c
|
|
@@ -38,109 +38,110 @@ static void free_aa_profile_rcu(struct r
|
|
}
|
|
|
|
/**
|
|
- * task_remove - remove profile from a task's subdomain
|
|
- * @sd: task's subdomain
|
|
+ * task_remove - remove profile from a task's aa_task_context
|
|
+ * @cxt: task's aa_task_context
|
|
*
|
|
- * remove the active profile from a task's subdomain, switching the task
|
|
+ * remove the active profile from a task's aa_task_context, switching the task
|
|
* to an unconfined state.
|
|
*/
|
|
-static inline void task_remove(struct subdomain *sd)
|
|
+static inline void task_remove(struct aa_task_context *cxt)
|
|
{
|
|
- /* spin_lock(&sd_lock) held here */
|
|
+ /* spin_lock(&cxt_lock) held here */
|
|
AA_DEBUG("%s: removing profile from task %s(%d) profile %s active %s\n",
|
|
__FUNCTION__,
|
|
- sd->task->comm,
|
|
- sd->task->pid,
|
|
- BASE_PROFILE(sd->active)->name,
|
|
- sd->active->name);
|
|
+ cxt->task->comm,
|
|
+ cxt->task->pid,
|
|
+ BASE_PROFILE(cxt->active)->name,
|
|
+ cxt->active->name);
|
|
|
|
- aa_switch_unconfined(sd);
|
|
+ aa_switch_unconfined(cxt);
|
|
}
|
|
|
|
-/** taskremove_iter - Iterator to unconfine subdomains which match cookie
|
|
- * @sd: subdomain to consider for profile removal
|
|
+/** taskremove_iter - Iterator to unconfine aa_task_contexts which match cookie
|
|
+ * @cxt: aa_task_context to consider for profile removal
|
|
* @cookie: pointer to the oldprofile which is being removed
|
|
*
|
|
- * If the subdomain's active profile matches old_profile, then call
|
|
- * task_remove() to remove the profile leaving the task (subdomain) unconfined.
|
|
+ * If the aa_task_context's active profile matches old_profile, then call
|
|
+ * task_remove() to remove the profile leaving the task (aa_task_context) unconfined.
|
|
*/
|
|
-static int taskremove_iter(struct subdomain *sd, void *cookie)
|
|
+static int taskremove_iter(struct aa_task_context *cxt, void *cookie)
|
|
{
|
|
struct aa_profile *old_profile = (struct aa_profile *)cookie;
|
|
unsigned long flags;
|
|
|
|
- spin_lock_irqsave(&sd_lock, flags);
|
|
+ spin_lock_irqsave(&cxt_lock, flags);
|
|
|
|
- if (__aa_is_confined(sd) && BASE_PROFILE(sd->active) == old_profile) {
|
|
- task_remove(sd);
|
|
+ if (__aa_is_confined(cxt) && BASE_PROFILE(cxt->active) == old_profile) {
|
|
+ task_remove(cxt);
|
|
}
|
|
|
|
- spin_unlock_irqrestore(&sd_lock, flags);
|
|
+ spin_unlock_irqrestore(&cxt_lock, flags);
|
|
|
|
return 0;
|
|
}
|
|
|
|
-/** task_replace - replace subdomain's current profile with a new profile
|
|
- * @sd: subdomain to replace the profile on
|
|
+/** task_replace - replace aa_task_context's current profile with a new profile
|
|
+ * @cxt: aa_task_context to replace the profile on
|
|
* @new: new profile
|
|
*
|
|
- * Replace a task's (subdomain's) active profile with a new profile. If
|
|
+ * Replace a task's (aa_task_context's) active profile with a new profile. If
|
|
* task was in a hat then the new profile will also be in the equivalent
|
|
* hat in the new profile if it exists. If it doesn't exist the
|
|
* task will be placed in the special null_profile state.
|
|
*/
|
|
-static inline void task_replace(struct subdomain *sd, struct aa_profile *new)
|
|
+static inline void task_replace(struct aa_task_context *cxt,
|
|
+ struct aa_profile *new)
|
|
{
|
|
AA_DEBUG("%s: replacing profile for task %s(%d) "
|
|
"profile=%s (%p) active=%s (%p)\n",
|
|
__FUNCTION__,
|
|
- sd->task->comm, sd->task->pid,
|
|
- BASE_PROFILE(sd->active)->name, BASE_PROFILE(sd->active),
|
|
- sd->active->name, sd->active);
|
|
+ cxt->task->comm, cxt->task->pid,
|
|
+ BASE_PROFILE(cxt->active)->name, BASE_PROFILE(cxt->active),
|
|
+ cxt->active->name, cxt->active);
|
|
|
|
- if (!sd->active)
|
|
+ if (!cxt->active)
|
|
goto out;
|
|
|
|
- if (IN_SUBPROFILE(sd->active)) {
|
|
+ if (IN_SUBPROFILE(cxt->active)) {
|
|
struct aa_profile *nactive;
|
|
|
|
/* The old profile was in a hat, check to see if the new
|
|
* profile has an equivalent hat */
|
|
- nactive = __aa_find_profile(sd->active->name, &new->sub);
|
|
+ nactive = __aa_find_profile(cxt->active->name, &new->sub);
|
|
|
|
if (!nactive)
|
|
nactive = get_aa_profile(new->null_profile);
|
|
|
|
- aa_switch(sd, nactive);
|
|
+ aa_switch(cxt, nactive);
|
|
put_aa_profile(nactive);
|
|
} else {
|
|
- aa_switch(sd, new);
|
|
+ aa_switch(cxt, new);
|
|
}
|
|
|
|
out:
|
|
return;
|
|
}
|
|
|
|
-/** taskreplace_iter - Iterator to replace a subdomain's profile
|
|
- * @sd: subdomain to consider for profile replacement
|
|
+/** taskreplace_iter - Iterator to replace a aa_task_context's profile
|
|
+ * @cxt: aa_task_context to consider for profile replacement
|
|
* @cookie: pointer to the old profile which is being replaced.
|
|
*
|
|
- * If the subdomain's active profile matches old_profile call
|
|
- * task_replace() to replace with the subdomain's active profile with
|
|
+ * If the aa_task_context's active profile matches old_profile call
|
|
+ * task_replace() to replace with the aa_task_context's active profile with
|
|
* the new profile.
|
|
*/
|
|
-static int taskreplace_iter(struct subdomain *sd, void *cookie)
|
|
+static int taskreplace_iter(struct aa_task_context *cxt, void *cookie)
|
|
{
|
|
struct aa_taskreplace_data *data = (struct aa_taskreplace_data *)cookie;
|
|
unsigned long flags;
|
|
|
|
- spin_lock_irqsave(&sd_lock, flags);
|
|
+ spin_lock_irqsave(&cxt_lock, flags);
|
|
|
|
- if (__aa_is_confined(sd) &&
|
|
- BASE_PROFILE(sd->active) == data->old_profile)
|
|
- task_replace(sd, data->new_profile);
|
|
+ if (__aa_is_confined(cxt) &&
|
|
+ BASE_PROFILE(cxt->active) == data->old_profile)
|
|
+ task_replace(cxt, data->new_profile);
|
|
|
|
- spin_unlock_irqrestore(&sd_lock, flags);
|
|
+ spin_unlock_irqrestore(&cxt_lock, flags);
|
|
|
|
return 0;
|
|
}
|
|
@@ -526,7 +527,7 @@ out:
|
|
* @size: size of the serialized data stream
|
|
*
|
|
* unpack and replace a profile on the profile list and uses of that profile
|
|
- * by any subdomain. If the profile does not exist on the profile list
|
|
+ * by any aa_task_context. If the profile does not exist on the profile list
|
|
* it is added. Return %0 or error.
|
|
*/
|
|
ssize_t aa_file_prof_repl(void *udata, size_t size)
|
|
@@ -573,7 +574,7 @@ ssize_t aa_file_prof_repl(void *udata, s
|
|
data.old_profile,
|
|
data.old_profile->name);
|
|
|
|
- aa_subdomainlist_iterate(taskreplace_iter, (void *)&data);
|
|
+ aa_task_context_list_iterate(taskreplace_iter, (void *)&data);
|
|
|
|
/* it's off global list, and we are done replacing */
|
|
put_aa_profile(data.old_profile);
|
|
@@ -593,7 +594,7 @@ out:
|
|
* @name: name of the profile to remove
|
|
* @size: size of the name
|
|
*
|
|
- * remove a profile from the profile list and all subdomain references
|
|
+ * remove a profile from the profile list and all aa_task_context references
|
|
* to said profile. Return %0 on success, else error.
|
|
*/
|
|
ssize_t aa_file_prof_remove(const char *name, size_t size)
|
|
@@ -607,7 +608,8 @@ ssize_t aa_file_prof_remove(const char *
|
|
|
|
if (old_profile) {
|
|
/* remove profile from any tasks using it */
|
|
- aa_subdomainlist_iterate(taskremove_iter, (void *)old_profile);
|
|
+ aa_task_context_list_iterate(taskremove_iter,
|
|
+ (void *)old_profile);
|
|
|
|
/* drop reference obtained by aa_profilelist_remove */
|
|
put_aa_profile(old_profile);
|
|
@@ -637,7 +639,7 @@ void free_aa_profile_kref(struct kref *k
|
|
*
|
|
* free a profile, its file entries hats and null_profile. All references
|
|
* to the profile, its hats and null_profile must have been put.
|
|
- * If the profile was referenced by a subdomain free_aa_profile should be
|
|
+ * If the profile was referenced by a aa_task_context free_aa_profile should be
|
|
* called from an rcu callback routine.
|
|
*/
|
|
void free_aa_profile(struct aa_profile *profile)
|
|
Index: b/security/apparmor/procattr.c
|
|
===================================================================
|
|
--- a/security/apparmor/procattr.c
|
|
+++ b/security/apparmor/procattr.c
|
|
@@ -159,9 +159,9 @@ int aa_setprocattr_changehat(char *hatin
|
|
AA_DEBUG("%s: Magic 0x%x Hat '%s'\n",
|
|
__FUNCTION__, magic, hat ? hat : NULL);
|
|
|
|
- spin_lock_irqsave(&sd_lock, flags);
|
|
+ spin_lock_irqsave(&cxt_lock, flags);
|
|
error = aa_change_hat(hat, magic);
|
|
- spin_unlock_irqrestore(&sd_lock, flags);
|
|
+ spin_unlock_irqrestore(&cxt_lock, flags);
|
|
|
|
out:
|
|
if (token) {
|
|
@@ -177,7 +177,7 @@ int aa_setprocattr_setprofile(struct tas
|
|
{
|
|
int error = -EINVAL;
|
|
struct aa_profile *profile = NULL;
|
|
- struct subdomain *sd;
|
|
+ struct aa_task_context *cxt;
|
|
char *name = NULL;
|
|
unsigned long flags;
|
|
|
|
@@ -222,42 +222,42 @@ int aa_setprocattr_setprofile(struct tas
|
|
}
|
|
}
|
|
|
|
- spin_lock_irqsave(&sd_lock, flags);
|
|
+ spin_lock_irqsave(&cxt_lock, flags);
|
|
|
|
- sd = AA_SUBDOMAIN(p->security);
|
|
+ cxt = AA_TASK_CONTEXT(p->security);
|
|
|
|
/* switch to unconstrained */
|
|
if (!profile) {
|
|
- if (__aa_is_confined(sd)) {
|
|
+ if (__aa_is_confined(cxt)) {
|
|
AA_WARN("%s: Unconstraining task %s(%d) "
|
|
"profile %s active %s\n",
|
|
__FUNCTION__,
|
|
p->comm, p->pid,
|
|
- BASE_PROFILE(sd->active)->name,
|
|
- sd->active->name);
|
|
+ BASE_PROFILE(cxt->active)->name,
|
|
+ cxt->active->name);
|
|
|
|
- aa_switch_unconfined(sd);
|
|
+ aa_switch_unconfined(cxt);
|
|
} else {
|
|
AA_WARN("%s: task %s(%d) "
|
|
"is already unconstrained\n",
|
|
__FUNCTION__, p->comm, p->pid);
|
|
}
|
|
} else {
|
|
- if (!sd) {
|
|
+ if (!cxt) {
|
|
/* this task was created before module was
|
|
- * loaded, allocate a subdomain
|
|
+ * loaded, allocate a aa_task_context
|
|
*/
|
|
- AA_WARN("%s: task %s(%d) has no subdomain\n",
|
|
+ AA_WARN("%s: task %s(%d) has no aa_task_context\n",
|
|
__FUNCTION__, p->comm, p->pid);
|
|
|
|
/* unlock so we can safely GFP_KERNEL */
|
|
- spin_unlock_irqrestore(&sd_lock, flags);
|
|
+ spin_unlock_irqrestore(&cxt_lock, flags);
|
|
|
|
- sd = alloc_subdomain(p);
|
|
- if (!sd) {
|
|
- AA_WARN("%s: Unable to allocate subdomain for "
|
|
- "task %s(%d). Cannot confine task to "
|
|
- "profile %s\n",
|
|
+ cxt = alloc_aa_task_context(p);
|
|
+ if (!cxt) {
|
|
+ AA_WARN("%s: Unable to allocate "
|
|
+ "aa_task_context for task %s(%d). "
|
|
+ "Cannot confine task to profile %s\n",
|
|
__FUNCTION__,
|
|
p->comm, p->pid,
|
|
name);
|
|
@@ -268,12 +268,12 @@ int aa_setprocattr_setprofile(struct tas
|
|
goto out;
|
|
}
|
|
|
|
- spin_lock_irqsave(&sd_lock, flags);
|
|
- if (!AA_SUBDOMAIN(p->security)) {
|
|
- p->security = sd;
|
|
+ spin_lock_irqsave(&cxt_lock, flags);
|
|
+ if (!AA_TASK_CONTEXT(p->security)) {
|
|
+ p->security = cxt;
|
|
} else { /* race */
|
|
- free_subdomain(sd);
|
|
- sd = AA_SUBDOMAIN(p->security);
|
|
+ free_aa_task_context(cxt);
|
|
+ cxt = AA_TASK_CONTEXT(p->security);
|
|
}
|
|
}
|
|
|
|
@@ -288,7 +288,7 @@ int aa_setprocattr_setprofile(struct tas
|
|
|
|
if (!profile) {
|
|
/* Race, profile was removed. */
|
|
- spin_unlock_irqrestore(&sd_lock, flags);
|
|
+ spin_unlock_irqrestore(&cxt_lock, flags);
|
|
goto repeat;
|
|
}
|
|
}
|
|
@@ -304,12 +304,12 @@ int aa_setprocattr_setprofile(struct tas
|
|
"profile %s active %s to new profile %s\n",
|
|
__FUNCTION__,
|
|
p->comm, p->pid,
|
|
- sd->active ? BASE_PROFILE(sd->active)->name :
|
|
+ cxt->active ? BASE_PROFILE(cxt->active)->name :
|
|
"unconstrained",
|
|
- sd->active ? sd->active->name : "unconstrained",
|
|
+ cxt->active ? cxt->active->name : "unconstrained",
|
|
name);
|
|
|
|
- aa_switch(sd, profile);
|
|
+ aa_switch(cxt, profile);
|
|
|
|
put_aa_profile(profile); /* drop ref we obtained above
|
|
* from aa_profilelist_find
|
|
@@ -319,10 +319,10 @@ int aa_setprocattr_setprofile(struct tas
|
|
* This is the only case where we zero the magic after
|
|
* calling aa_switch
|
|
*/
|
|
- sd->hat_magic = 0;
|
|
+ cxt->hat_magic = 0;
|
|
}
|
|
|
|
- spin_unlock_irqrestore(&sd_lock, flags);
|
|
+ spin_unlock_irqrestore(&cxt_lock, flags);
|
|
|
|
error = 0;
|
|
out:
|
|
Index: b/security/apparmor/capabilities.c
|
|
===================================================================
|
|
--- a/security/apparmor/capabilities.c
|
|
+++ b/security/apparmor/capabilities.c
|
|
@@ -40,7 +40,9 @@ static const char *cap_names[] = {
|
|
"sys_time",
|
|
"sys_tty_config",
|
|
"mknod",
|
|
- "lease"
|
|
+ "lease",
|
|
+ "audit_write",
|
|
+ "audit_control"
|
|
};
|
|
|
|
const char *capability_to_name(unsigned int cap)
|